Re: Failover for ldapdb doesn't work when packets are dropped by iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--On 15. Mai 2017 um 10:14:22 -0500 Dan White <dwhite@xxxxxxx> wrote:

On 05/15/17 16:45 +0200, Sebastian Hagedorn wrote:
--On 15. Mai 2017 um 08:38:09 -0500 Dan White <dwhite@xxxxxxx> wrote:

On 05/15/17 14:30 +0200, Sebastian Hagedorn wrote:
we're trying to move from auxprop sasldb to ldapdb. Everything is
working fine with both cyrus-imapd and sendmail. Even failover seems
to be working (with multiple entries for ldapdb_uri), but only if the
client gets a reject of some sort. Initially I tried to simulate the
failure of the primary LDAP server with an iptables rule that dropped
the packets. That led to a 30 second timeout and no failover taking
place:

You can limit the network timeout functionality of the ldapdb plugin
using the ldapdb_rc sasl option:

http://www.sendmail.org/~ca/email/cyrus2/options.html

See ldap.conf(5) and it's TIMEOUT/TIMELIMIT options.

Thanks, but that doesn't seem to work either. I added the following
line to Sendmail.conf:

ldapdb_rc: /etc/sasl2/ldap.rc

$ cat /etc/sasl2/ldap.rc
TIMEOUT 2
TIMELIMIT 2
NETWORK_TIMEOUT 2

I restarted sendmail, but I still get the 30 second timeout.

Note from the manpage:

"The LDAPRC, if defined, should be the basename of a file in the current
working directory or in the user's home directory."

Alternatively, you could define the options in your global ldap.conf.

Thanks again. That did the trick!
--
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                .:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

Attachment: pgpOUffS3fhyt.pgp
Description: PGP signature


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux